Upload
miranda-gardner
View
93
Download
6
Embed Size (px)
DESCRIPTION
DEV380 用 VS2005 轻轻松松开发安全应用. 蔺华 ISV 开发合作经理 DPE Microsoft Corporation. 您最担心的安全问题是什么 ?. #1 回答 “ 提高代码安全性的软件工具 ”. 关于开发人员安全性的一些数据. “ 75 percent of hacks happen at the application” - Gartner “Security at the Application Level” - PowerPoint PPT Presentation
Citation preview
DEV380DEV380用用 VS2005VS2005轻轻松松开发安全应轻轻松松开发安全应用用
蔺华蔺华ISVISV 开发合作经理开发合作经理DPEDPEMicrosoft CorporationMicrosoft Corporation
您最担心的安全问题是什么您最担心的安全问题是什么 ??
#1 回答“提高代码安全性的软件工具”
关于开发人员安全性的一些数据关于开发人员安全性的一些数据
““75 percent of hacks happen at the application” - 75 percent of hacks happen at the application” - Gartner “Security at the Gartner “Security at the Application Level”Application Level”
"The conclusion is unavoidable: any notion that security is a matter of simply "The conclusion is unavoidable: any notion that security is a matter of simply protecting the network perimeter is hopelessly out of date” - protecting the network perimeter is hopelessly out of date” - IDC and IDC and Symantec, 2004Symantec, 2004
““11 of CERT’s 13 major security advisories for 2003 are bugs arising from 11 of CERT’s 13 major security advisories for 2003 are bugs arising from programming errors in applications [not the OS]” - programming errors in applications [not the OS]” - Carnegie Mellon Carnegie Mellon UniversityUniversity
““If only 50 percent of software vulnerabilities were removed prior to If only 50 percent of software vulnerabilities were removed prior to production … costs would be reduced by 75 percent” production … costs would be reduced by 75 percent” - - Gartner “Security at Gartner “Security at the Application Level”the Application Level”
““The battle between hackers and security professionals has moved from the The battle between hackers and security professionals has moved from the network layer to the Web applications themselves"network layer to the Web applications themselves" - - Network WorldNetwork World
““64 percent of developers are not confident in their ability to write secure 64 percent of developers are not confident in their ability to write secure applications” - applications” - Microsoft Developer ResearchMicrosoft Developer Research
// Example #1#define MAX (50)char szDest[MAX];strncpy(szDest,pszSrc,strlen(pszSrc));
Wrong buffer size!
Wrote NULL to element51, not 50!
// Example #2#define MAX (50)char szDest[MAX];strncpy(szDest,pszSrc,MAX);pszDest[MAX] = '\0';
SQL Injection!
// Example #3string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Or 1=1 --
True
SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''SELECT Count(*) FROM Users WHERE UserName='' Or 1=1
Hard to guess password!
Connecting as sysadmin
String concatfor dynamic SQL
Telling the bad guytoo much on failure
Create Project PoliciesCreate Project Policies
Create Policies around testing Create Policies around testing using VSTSusing VSTS
SCC Policy EngineSCC Policy EngineSCC Policy EngineSCC Policy Engine
Unit
Test
ing
U
nit
Test
ing
U
nit
Test
ing
U
nit
Test
ing
WI A
ssoci
ati
on
WI A
ssoci
ati
on
WI A
ssoci
ati
on
WI A
ssoci
ati
on
Sta
tic
An
aly
sis
Sta
tic
An
aly
sis
Sta
tic
An
aly
sis
Sta
tic
An
aly
sis
Rele
ase
Note
sR
ele
ase
Note
sR
ele
ase
Note
sR
ele
ase
Note
s
Cust
om
Polic
yC
ust
om
Polic
yC
ust
om
Polic
yC
ust
om
Polic
yPolicy Policy DefinitionsDefinitions•.NET Assemblies.NET Assemblies•Return Pass or Return Pass or Fail and messageFail and message•Customer Customer ExtensibleExtensible•User Over-ridableUser Over-ridable
““I have a complex application.
I have a complex application. Why is there no tool that helps
Why is there no tool that helps me find out the minimum
me find out the minimum security requirements of my
security requirements of my application?”application?”
“’“’I’d like to write applications
I’d like to write applications that do not require full trust,
that do not require full trust, but there is no easy way to test
but there is no easy way to test and debug applications like
and debug applications like this.”this.”
Listening to our Customers
Permission CalculatorPermission CalculatorChecks the security requirements of an applicationChecks the security requirements of an applicationStatically checks for called APIsStatically checks for called APIs
For each library API a permission set is returnedFor each library API a permission set is returned
Outputs estimate of minimum set of permissions Outputs estimate of minimum set of permissions required to run applicationrequired to run application
ApplicationAn entry point (Main, etc.)
Method A
Method B Method C
Method D
Method E
Method FDemand P1
Demand P2
Assert P1
Required permissions:
P2
Writing Partial Trust ApplicationsWriting Partial Trust Applications
Develop and Debug logged in as Least Develop and Debug logged in as Least PrivilegePrivilege
If a developer wants to write a least If a developer wants to write a least privilege application, she can log in as a privilege application, she can log in as a least privilege user herselfleast privilege user herself
Code Access Security Code Access Security Enables developers writing managed code Enables developers writing managed code to run the code in a sandbox using to run the code in a sandbox using custom privilegescustom privileges
IntelliSense in ZoneIntelliSense in Zone
Set a zoneSet a zoneGrays out items in the IntelliSense list that would cause an app Grays out items in the IntelliSense list that would cause an app to violate the security settingsto violate the security settingsAllows developers to catch security issues before they actually Allows developers to catch security issues before they actually write the codewrite the code
VB.NET My ClassesVB.NET My Classes
Exposes easy to use methods for many Exposes easy to use methods for many taskstasks
My.User.IsAuthenticated My.User.IsAuthenticated
My.User.CurrentPrincipal.IdentityMy.User.CurrentPrincipal.Identity
My.User.IsInRoleMy.User.IsInRole
My.User.NameMy.User.Name
Data Protection APIData Protection API
Built into .NET Framework 2.0Built into .NET Framework 2.0
Makes it easy to secure dataMakes it easy to secure data
Uses underlying features of Windows Uses underlying features of Windows 2000 and up2000 and up
ASP.NET Membership ServiceASP.NET Membership Service
Service for managing users and Service for managing users and credentialscredentials
Declarative access via Web Site Admin Declarative access via Web Site Admin ToolTool
Programmatic access via Membership and Programmatic access via Membership and MembershipUser classesMembershipUser classes
Membership class provides base Membership class provides base servicesservices
MembershipUser class represents MembershipUser class represents users and provides additional servicesusers and provides additional services
Provider-based for flexible data storageProvider-based for flexible data storage
ASP.NET Role Management ServiceASP.NET Role Management Service
Role-based security in a boxRole-based security in a boxDeclarative access via Web Site Admin Declarative access via Web Site Admin ToolTool
Programmatic access via Roles classProgrammatic access via Roles class
Roles class contains static methods for Roles class contains static methods for creating roles, adding users to roles, creating roles, adding users to roles, etc.etc.
Maps users to roles on each requestMaps users to roles on each requestReplaces Replaces Application_AuthenticateRequestApplication_AuthenticateRequest
Provider-based for flexible data storageProvider-based for flexible data storage
ASP.NET Configuration ClassASP.NET Configuration Class
Gateway to the configuration APIGateway to the configuration API
Provides merged view of configuration Provides merged view of configuration settings for machine or applicationsettings for machine or application
ConfigurationManager implementation ConfigurationManager implementation for combination Winform/Webform for combination Winform/Webform appsapps
ConfigurationManagerpart of ConfigurationManagerpart of System.ConfigurationSystem.Configuration
Can be used to automatically Can be used to automatically encrypt/decrypt sectionsencrypt/decrypt sections
Static Analysis ToolsStatic Analysis Tools
PREfastPREfastScans applications built in C/C++ for security Scans applications built in C/C++ for security vulnerabilitiesvulnerabilities
Examples:Examples:Buffer overrunsBuffer overrunsUn-initialized memoryUn-initialized memoryMemory leaksMemory leaks
FxCopFxCopScans managed code for 200 total defectsScans managed code for 200 total defects
ExamplesExamplesSQL injectionSQL injectionPermissionsPermissionsPointersPointers
Integrated Bug TrackingIntegrated Bug Tracking
Easy, Integrated into Easy, Integrated into development processdevelopment process
Design your own Design your own process – Fields, process – Fields, Forms, States, RulesForms, States, Rules
Extensive linking – Extensive linking – bugs, reports, artifactsbugs, reports, artifacts
NotificationsNotifications
C++ SafeCRT LibrariesC++ SafeCRT Libraries
Changes in C/C++ Libraries where specific Changes in C/C++ Libraries where specific functions were found to have unsafe functions were found to have unsafe designdesign
Example: Example: char * char * strcpy strcpy (char * dest, const (char * dest, const char * src)char * src)
Microsoft has deprecated these functionsMicrosoft has deprecated these functions
Compiler warnings when inherently Compiler warnings when inherently unsafe functions are usedunsafe functions are used
Code Coverage and Stress TestingCode Coverage and Stress Testing
Code CoverageCode CoverageCode coverage analysisCode coverage analysis
Enables development teams to know with Enables development teams to know with confidence how much and what parts of their confidence how much and what parts of their code is exercised by their testing, thus allowing code is exercised by their testing, thus allowing them to focus on the weak spots.them to focus on the weak spots.
Load/Stress TestingLoad/Stress TestingSome defects only manifest themselves when the Some defects only manifest themselves when the server is put under load or stress. server is put under load or stress.
Includes load/stress testing for your web Includes load/stress testing for your web applications.applications.
/GS Switch/GS Switch
/GS Switch/GS SwitchUsed to mitigate buffer overrun exploitsUsed to mitigate buffer overrun exploitsUsed to recompile Windows XPSP2 and Windows Server 2003Used to recompile Windows XPSP2 and Windows Server 2003Considerable enhancementsConsiderable enhancementsOn by defaultOn by default
EB
P
EIP ArgsOther vars Buffers
cookie
Higher addressesVC++ Stack
Application VerifierApplication Verifier
Application VerifierApplication VerifierFocuses on detecting the common issues Focuses on detecting the common issues that deal with application security and that deal with application security and quality such as:quality such as:
heap corruptionheap corruptionhandlehandlelockslocks
Results in:Results in:Better qualityBetter qualityIncreased securityIncreased securityReduced debugging timeReduced debugging time
Native codeNative code
Security Development LifecycleSecurity Development Lifecycle
*Steve Lipner and Michael Howard, Security Engineering Strategy, Microsoft
Inception-Security advisor assigned-Ensure security milestones understood-Identify security requirements
Design & Threat Modeling-Design guidelines documented-Threat models produced-Security architecture documented-Threat model and design review completed-Ship criteria agreed to
Guidelines & Best Practices-Coding and test standards followed-Test plans developed and executed (including fuzz testing)-Tools used (Code analysis)
Security Push-Threat models reviewed-Code reviewed-Attack testing-New threats evaluated-Security testing completed
Final Security Review (FSR)-Threat models reviewed-Unfixed bugs reviewed-New bugs reviewed (postmortem)-Penetration testing completed-Documentation archived
RTM & Deployment-Signoff by security team
Security Response Feedback-Tools/processes evaluated-Postmortems completed
http://msdn.microsoft.com/security/sdl
ConclusionConclusion
Security is a challengeSecurity is a challenge
People, Process, and People, Process, and ToolsTools
Visual Studio 2005 will Visual Studio 2005 will help you write more help you write more secure code with secure code with innovative tools and innovative tools and featuresfeatures
http://msdn.microsoft.com/security
Questions?